製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenSC におけるプライベートデータオブジェクトを読まれる脆弱性

Title	OpenSC におけるプライベートデータオブジェクトを読まれる脆弱性
Summary	OpenSC には、PIN の要件を回避される、およびプライベートデータオブジェクトを読まれる脆弱性が存在します。
Possible impacts	攻撃者により、(1) 低レベルの APDU コマンドまたは (2) デバックツールを介して、PIN の要件を回避される、およびプライベートデータオブジェクトを読まれる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 2, 2009, midnight
Registration Date	Sept. 25, 2012, 5:27 p.m.
Last Update	Sept. 25, 2012, 5:27 p.m.

CVSS2.0 : 注意
Score	2.1
Vector	AV:L/AC:L/Au:N/C:P/I:N/A:N

Affected System

OpenSC team

OpenSC 0.11.7 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-0368	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0368
National Vulnerability Database (NVD)
2	CVE-2009-0368	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0368

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html

ベンダー情報

No	Name	URL
opensc-project
1	Top page	http://www.opensc-project.org/opensc

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-0368

Summary	OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
Summary	Vulnerabilidad en OpenSC en versiones anteriores a v0.11.7 que permite a atacantes próximos físicamente evitar los requisitos de autenticación/validación de PIN a través de (1) el comando APDU de bajo nivel o (2) una herramienta de depuración de errores, como se ha demostrado leyendo el fichero 4601 o 4701 con el programa opensc-explorer o opensc-tool.
Publication Date	March 3, 2009, 7:30 a.m.
Registration Date	Jan. 29, 2021, 1:14 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:opensc-project:opensc::::::::		0.11.6
cpe:2.3:a:opensc-project:opensc:0.3.2:::::::*
cpe:2.3:a:opensc-project:opensc:0.3.5:::::::*
cpe:2.3:a:opensc-project:opensc:0.4.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.5.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.6.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.6.1:::::::*
cpe:2.3:a:opensc-project:opensc:0.7.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.8:::::::*
cpe:2.3:a:opensc-project:opensc:0.8.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.8.0.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.8.1:::::::*
cpe:2.3:a:opensc-project:opensc:0.9:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.2:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.3:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.4:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.5:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.6:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.7:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.7:b::::::
cpe:2.3:a:opensc-project:opensc:0.9.7:d::::::
cpe:2.3:a:opensc-project:opensc:0.9.8:::::::*
cpe:2.3:a:opensc-project:opensc:0.10.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.10.1:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.1:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.2:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.3:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.3:pre3::::::
cpe:2.3:a:opensc-project:opensc:0.11.4:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.5:::::::*

Related information, measures and tools

No	URL	refsource
1	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	cve@mitre.org
2	http://openwall.com/lists/oss-security/2009/02/26/1	cve@mitre.org
3	http://secunia.com/advisories/34052	cve@mitre.org
4	http://secunia.com/advisories/34120	cve@mitre.org
5	http://secunia.com/advisories/34362	cve@mitre.org
6	http://secunia.com/advisories/34377	cve@mitre.org
7	http://secunia.com/advisories/35065	cve@mitre.org
8	http://secunia.com/advisories/36074	cve@mitre.org
9	http://security.gentoo.org/glsa/glsa-200908-01.xml	cve@mitre.org
10	http://www.debian.org/security/2009/dsa-1734	cve@mitre.org
11	http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html	cve@mitre.org
12	http://www.securityfocus.com/bid/33922	cve@mitre.org
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/48958	cve@mitre.org
14	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html	cve@mitre.org
15	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html	cve@mitre.org
16	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	af854a3a-2127-422b-91ae-364da2661108
17	http://openwall.com/lists/oss-security/2009/02/26/1	af854a3a-2127-422b-91ae-364da2661108
18	http://secunia.com/advisories/34052	af854a3a-2127-422b-91ae-364da2661108
19	http://secunia.com/advisories/34120	af854a3a-2127-422b-91ae-364da2661108
20	http://secunia.com/advisories/34362	af854a3a-2127-422b-91ae-364da2661108
21	http://secunia.com/advisories/34377	af854a3a-2127-422b-91ae-364da2661108
22	http://secunia.com/advisories/35065	af854a3a-2127-422b-91ae-364da2661108
23	http://secunia.com/advisories/36074	af854a3a-2127-422b-91ae-364da2661108
24	http://security.gentoo.org/glsa/glsa-200908-01.xml	af854a3a-2127-422b-91ae-364da2661108
25	http://www.debian.org/security/2009/dsa-1734	af854a3a-2127-422b-91ae-364da2661108
26	http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html	af854a3a-2127-422b-91ae-364da2661108
27	http://www.securityfocus.com/bid/33922	af854a3a-2127-422b-91ae-364da2661108
28	https://exchange.xforce.ibmcloud.com/vulnerabilities/48958	af854a3a-2127-422b-91ae-364da2661108
29	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00673.html	af854a3a-2127-422b-91ae-364da2661108
30	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:opensc-project:opensc::::::::		0.11.6
cpe:2.3:a:opensc-project:opensc:0.3.2:::::::*
cpe:2.3:a:opensc-project:opensc:0.3.5:::::::*
cpe:2.3:a:opensc-project:opensc:0.4.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.5.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.6.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.6.1:::::::*
cpe:2.3:a:opensc-project:opensc:0.7.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.8:::::::*
cpe:2.3:a:opensc-project:opensc:0.8.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.8.0.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.8.1:::::::*
cpe:2.3:a:opensc-project:opensc:0.9:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.2:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.3:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.4:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.5:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.6:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.7:::::::*
cpe:2.3:a:opensc-project:opensc:0.9.7:b::::::
cpe:2.3:a:opensc-project:opensc:0.9.7:d::::::
cpe:2.3:a:opensc-project:opensc:0.9.8:::::::*
cpe:2.3:a:opensc-project:opensc:0.10.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.10.1:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.0:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.1:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.2:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.3:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.3:pre3::::::
cpe:2.3:a:opensc-project:opensc:0.11.4:::::::*
cpe:2.3:a:opensc-project:opensc:0.11.5:::::::*